Sign in Register
Go to solution
Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at


  • kometa 23 posts 76 karma points
    Jul 11, 2019 @ 11:27
    kometa
    0

    Security Advisory 9.7.19

    Hi,

    I would like to use the quick fix solution to patch the security issue with the UmbRegisterController. The suggestion is to download the custom code from here, which should be added to the App_Code folder.

    Can anybody tell me please if all I need to do is to just drop this code as a new class in the App_Code folder or do I need to reference it from my code where the UmbRegisterController is being used?

    Thanks!

    Copy Link
  • Kevin Jump 2342 posts 14889 karma points MVP 8x c-trib
    Jul 11, 2019 @ 11:34
    Kevin Jump
    100

    Hi

    A new class in App_Code should be fine. the file contains everything it needs to register and run at startup.

    Kevin

    Copy Link
  • kometa 23 posts 76 karma points
    Jul 11, 2019 @ 11:38
    kometa
    0

    That's great, thanks Kevin for your help!

    Copy Link
  • Jeffrey Schoemaker 408 posts 2138 karma points MVP 8x c-trib
    Jul 15, 2019 @ 12:41
    Jeffrey Schoemaker
    1

    Hi all,

    we've also created a .dll that contains the fix. Just copy over this into your bin-folder and you're ready:

    For version 6: https://downloads.perplex.eu/umbracosecurityfix/UmbracoSecurityPatch20190709v6.dll

    For version 7: https://downloads.perplex.eu/umbracosecurityfix/UmbracoSecurityPatch20190709v7.dll

    Happy patching!

    Jeffrey

    Copy Link
  • Dennis Aaen 4500 posts 18255 karma points admin hq c-trib
    Jul 15, 2019 @ 13:21
    Dennis Aaen
    0

    Hi Jefferey,

    Just want to let you know. I have just tried your links and they return in 404, it seems only to take half of the link when you click at it.

    So maybe you should make a short link or so.

    All the best,

    /Dennis

    Copy Link
  • Jeffrey Schoemaker 408 posts 2138 karma points MVP 8x c-trib
    Jul 15, 2019 @ 13:27
    Jeffrey Schoemaker
    0

    Thanks for testing it out. I've updated the url's and now they work!

    Copy Link
  • Dennis Aaen 4500 posts 18255 karma points admin hq c-trib
    Jul 15, 2019 @ 13:31
    Dennis Aaen
    0

    Hi Jeffrey,

    You are welcome. I have now tried to download the files again and its working just fine now.

    /Dennis

    Copy Link
  • Amir Khan 1287 posts 2744 karma points
    Jul 15, 2019 @ 14:32
    Amir Khan
    0

    Is this fix recommended for all Umbraco installations or just those using certain functionality? Didn't see a post or email about it.

    Copy Link
  • Jeffrey Schoemaker 408 posts 2138 karma points MVP 8x c-trib
    Jul 15, 2019 @ 14:42
    Jeffrey Schoemaker
    0

    Hi Amir,

    it was over here: https://umbraco.com/blog/security-advisory-july-9th-2019/.

    Versions affected are:

    6.2.0-6.2.6 (any v6 site since 6.2.0)
7.0.0-7.14.0 (any v7 site since 7.0.0 and lower than 7.15.0)
8.0.0-8.0.2 (any v8 site since 8.0.0 and lower than 8.1.0)
    Copy Link
  • jake williamson 207 posts 873 karma points
    Jul 22, 2019 @ 01:55
    jake williamson
    0

    hey there,

    i've applied the fix to a site but out of interest, how are people testing that the fix is actually working? i'm not seeing any urls mentioned in the https://umbraco.com/blog/security-advisory-july-9th-2019/

    i'm guessing it's a case of making a post and making sure a 404 is returned?

    any pointers would be great!

    cheers,

    jake

    Copy Link
Please Sign in or register to post replies

Write your reply to:

Draft